Compliance Frameworks
CyberOrigen supports 7 major compliance frameworks out of the box, with automatic control mapping across frameworks.
Supported Frameworks
| Framework | Coverage | Use Case |
|---|---|---|
| SOC 2 | Full | Service organizations |
| PCI-DSS | Full | Payment card processing |
| ISO 27001 | Full | Information security |
| HIPAA | Full | Healthcare data |
| GDPR | Full | EU data protection |
| DORA | Full | EU financial services |
| NIST CSF | Full | Cybersecurity framework |
Control Mapping
CyberOrigen maps controls across frameworks automatically: when you implement a control, it is associated with the relevant requirements in every applicable framework.
Example Mapping
| Control | SOC 2 | PCI-DSS | ISO 27001 | HIPAA |
|---|---|---|---|---|
| Access Control Policy | CC6.1 | 7.1 | A.9.1.1 | 164.312(a)(1) |
| Encryption at Rest | CC6.7 | 3.4 | A.10.1.1 | 164.312(a)(2)(iv) |
| Audit Logging | CC7.2 | 10.1 | A.12.4.1 | 164.312(b) |
Compliance Dashboard
The GRC dashboard provides:
- Compliance Score: Overall and per-framework percentages
- Control Status: Implemented, partial, not implemented
- Gap Analysis: Missing controls and requirements
- Evidence Status: Linked evidence per control
- Audit Trail: Complete history of changes
Evidence Management
Each control can have linked evidence:
- Documents: Policies, procedures, screenshots
- Automated: System configurations, logs
- Third-party: Vendor attestations, certifications
Evidence is organized by:
- Control requirement
- Time period
- Evidence type
- Review status
Audit Workflow
CyberOrigen streamlines audit preparation:
- Scope Definition: Select frameworks and controls
- Evidence Collection: Automated and manual gathering
- Gap Remediation: AI-suggested fixes
- Sampling: Statistical sampling for large populations
- Report Generation: Framework-specific reports
Continuous Compliance
Unlike point-in-time audits, CyberOrigen provides:
- Real-time Monitoring: Control status dashboards
- Drift Detection: Alerts when controls degrade
- Automated Testing: Scheduled control tests
- Evidence Refresh: Automatic evidence updates
Getting Started
- Select Frameworks: Choose applicable frameworks in Settings
- Import Controls: Use templates or create custom controls
- Map Controls: AI-assisted mapping to requirements
- Collect Evidence: Link documents and automated evidence
- Monitor: Dashboard shows compliance posture
See individual framework guides for specific requirements and best practices.